mirror of
https://github.com/ethereum/solidity
synced 2023-10-03 13:03:40 +00:00
Merge pull request #11236 from ethereum/fix-allowed-paths-with-stdin
Fix stdin bypassing allowed paths
This commit is contained in:
commit
8d169d3615
@ -26,6 +26,7 @@ Compiler Features:
|
|||||||
Bugfixes:
|
Bugfixes:
|
||||||
* Antlr Grammar: Fix parsing of import paths involving properly distinguishing between empty and non-empty string literals in general.
|
* Antlr Grammar: Fix parsing of import paths involving properly distinguishing between empty and non-empty string literals in general.
|
||||||
* AST Output: Fix ``kind`` field of ``ModifierInvocation`` for base constructor calls.
|
* AST Output: Fix ``kind`` field of ``ModifierInvocation`` for base constructor calls.
|
||||||
|
* Commandline interface: Fix standard input bypassing allowed path checks.
|
||||||
* SMTChecker: Fix false positive and false negative on ``push`` as LHS of a compound assignment.
|
* SMTChecker: Fix false positive and false negative on ``push`` as LHS of a compound assignment.
|
||||||
* SMTChecker: Fix false positive in contracts that cannot be deployed.
|
* SMTChecker: Fix false positive in contracts that cannot be deployed.
|
||||||
* SMTChecker: Fix internal error on public getter returning dynamic data on older EVM versions where these are not available.
|
* SMTChecker: Fix internal error on public getter returning dynamic data on older EVM versions where these are not available.
|
||||||
|
@ -585,15 +585,15 @@ bool CommandLineInterface::readInputFilesAndConfigureRemappings()
|
|||||||
if (eq != path.end())
|
if (eq != path.end())
|
||||||
{
|
{
|
||||||
if (auto r = ImportRemapper::parseRemapping(path))
|
if (auto r = ImportRemapper::parseRemapping(path))
|
||||||
{
|
|
||||||
m_remappings.emplace_back(std::move(*r));
|
m_remappings.emplace_back(std::move(*r));
|
||||||
path = string(eq + 1, path.end());
|
|
||||||
}
|
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
serr() << "Invalid remapping: \"" << path << "\"." << endl;
|
serr() << "Invalid remapping: \"" << path << "\"." << endl;
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
string remappingTarget(eq + 1, path.end());
|
||||||
|
m_fileReader.allowDirectory(boost::filesystem::path(remappingTarget).remove_filename());
|
||||||
}
|
}
|
||||||
else if (path == "-")
|
else if (path == "-")
|
||||||
addStdin = true;
|
addStdin = true;
|
||||||
@ -628,9 +628,8 @@ bool CommandLineInterface::readInputFilesAndConfigureRemappings()
|
|||||||
|
|
||||||
// NOTE: we ignore the FileNotFound exception as we manually check above
|
// NOTE: we ignore the FileNotFound exception as we manually check above
|
||||||
m_fileReader.setSource(infile, readFileAsString(infile.string()));
|
m_fileReader.setSource(infile, readFileAsString(infile.string()));
|
||||||
path = boost::filesystem::canonical(infile).string();
|
m_fileReader.allowDirectory(boost::filesystem::path(boost::filesystem::canonical(infile).string()).remove_filename());
|
||||||
}
|
}
|
||||||
m_fileReader.allowDirectory(boost::filesystem::path(path).remove_filename());
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (addStdin)
|
if (addStdin)
|
||||||
|
1
test/cmdlineTests/stdin_allowed_paths/args
Normal file
1
test/cmdlineTests/stdin_allowed_paths/args
Normal file
@ -0,0 +1 @@
|
|||||||
|
-
|
11
test/cmdlineTests/stdin_allowed_paths/err
Normal file
11
test/cmdlineTests/stdin_allowed_paths/err
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
Error: Source "too_long_line/input.sol" not found: File outside of allowed directories.
|
||||||
|
--> <stdin>:4:1:
|
||||||
|
|
|
||||||
|
4 | import "../too_long_line/input.sol";
|
||||||
|
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||||
|
|
||||||
|
Error: Source "error_codes/input.sol" not found: File outside of allowed directories.
|
||||||
|
--> stdin_allowed_paths/input.sol:4:1:
|
||||||
|
|
|
||||||
|
4 | import "../error_codes/input.sol";
|
||||||
|
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
1
test/cmdlineTests/stdin_allowed_paths/exit
Normal file
1
test/cmdlineTests/stdin_allowed_paths/exit
Normal file
@ -0,0 +1 @@
|
|||||||
|
1
|
4
test/cmdlineTests/stdin_allowed_paths/input.sol
Normal file
4
test/cmdlineTests/stdin_allowed_paths/input.sol
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
// SPDX-License-Identifier: GPL-3.0
|
||||||
|
pragma solidity >=0.0;
|
||||||
|
|
||||||
|
import "../error_codes/input.sol";
|
4
test/cmdlineTests/stdin_allowed_paths/stdin
Normal file
4
test/cmdlineTests/stdin_allowed_paths/stdin
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
// SPDX-License-Identifier: GPL-3.0
|
||||||
|
pragma solidity >=0.0;
|
||||||
|
|
||||||
|
import "../too_long_line/input.sol";
|
Loading…
Reference in New Issue
Block a user